System and method for authentication of a roaming subscriber

A subscriber and system technology, applied in the field of network systems for authenticating a roaming subscriber, that addresses security problems, the different service costs that might have to be paid, and the fact that non-authorized persons cannot be charged.

Inactive Publication Date: 2007-05-29
NOKIA SOLUTIONS & NETWORKS OY

AI Technical Summary

Benefits of technology

[0027]The part of the message may be a ciphering key (CK), an integrity key (IK) or combination of both. In addition, also other parts of the message can be chosen as a key code by which the second authentication can be performed. This part or even the definition where in the message the part is located can be kept secret by the first network, i.e., the home network. By this measure, it can be ensured that the operator of the visited network does not know exactly what kind of values are used for the authentication in the home network. This contributes to reliability of the authentication.

Problems solved by technology

However, in case different networks operated by different network operators are concerned, there might arise security problems.
This is particularly a problem in the case of worldwide roaming, which is possible in UMTS.
In addition, this can be a problem for the Internet Multimedia Core Network Subsystem IM CN SS, since here, for example, different service costs might have to be paid.
Thus, a non-authorized person cannot be charged or the real subscriber can be charged although he has not used the service.


Examples

first embodiment

[0046]FIG. 2 shows a signaling flow of an authentication procedure according to the

[0047]In case the user registers to the network, the UE sends a registration request to the vP-CSCF (step A1). This can be a SIP (Session Initiation Protocol) REGISTER message, for example. The vP-CSCF forwards this request to the home network, i.e., to the I-CSCF (step A2) since in order to perform authentication, the vP-CSCF has to obtain the necessary authentication information. The I-CSCF, in turn, sends a GetAuthInfo (Get Authorization Information) message to the HSS (step A3).

[0048]The HSS responds with an Authorization Information Response (AuthInfoResp) (step A4). This response includes a plurality of parameters vRAND, hRAND, vRES, hRES, AUTN, CK, IK. That is, two random numbers, visited RAND (vRAND) and home RAND (hRAND) are sent. The number vRAND is intended for an authentication check performed in the visited network, whereas the number hRAND is intended for an authentication check performed...

second embodiment

[0054] only one RAND number and the corresponding RES number (i.e., the scheduled result) is sent to the visited network. The visited network performs authentication by using these RAND and RES numbers. The home network verifies the authentication by using the ciphering key CK.

[0055]In detail, the UE sends a registration request to the vP-CSCF which is forwarded to the I-CSCF. Since the steps B1 to B3 are similar to the steps A1 to A3 according to the first embodiment, an unnecessary repetition is omitted here.

[0056]The HSS sends an AuthInfoResp message including the parameters RAND, AUTN, RES, CK and IK to the I-CSCF (step B4). The I-CSCF retrieves only the ciphering key CK from the parameters and forwards a 401 Unauthorized message to the vP-CSCF in which no CK is included (step B5). The vP-CSCF retrieves the number RES from the parameters and forwards a 407 Proxy Authorization Required message to the UE, in which no RES is included (step B6).

[0057]The UE calculates CRES from RAND...

third embodiment

[0064]Next, another authentication procedure is described as a third embodiment by referring to FIG. 4.

[0065]According to the third embodiment, the result RES is divided into two parts. For example, RES may consist of 128 bits. Then, the first 64 bits may form vRES, and the last 64 bits may form hRES. The home network sends only vRES to the visited network. The UE performs only one calculation, i.e., calculates CRES from RAND.

[0066]The steps C1 to C4 shown in FIG. 4 are similar to the steps B1 to B4 of FIG. 3, thus an unnecessary repetition of the description thereof is omitted.

[0067]Thus, the I-CSCF obtains in particular the scheduled result RES from the HSS. The I-CSCF splits the number RES in two parts, as indicated above, i.e., as vRES and hRES. This division into two parts can also be done already in the generating unit, in this case HSS. Thereafter, the I-CSCF sends a 401 Unauthorized message including vRES to the vP-CSCF (step C5). It is noted that in this message neither RES...
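The RES split of the third embodiment, as an added sketch that is not part of the patent text: it shows that a visited network holding only vRES cannot produce a response the home network accepts without the UE's real CRES. HMAC-SHA-256 stands in for the unspecified response function, and the function names and the way each network checks its half of CRES after step C5 are assumptions, since the page truncates there.

```python
import hashlib
import hmac
import os

RES_BYTES = 16  # RES of 128 bits, as in the page's example


def f_res(key: bytes, rand: bytes) -> bytes:
    """Assumed stand-in for the response function shared by HSS and UE."""
    return hmac.new(key, rand, hashlib.sha256).digest()[:RES_BYTES]


def split_res(res: bytes) -> tuple[bytes, bytes]:
    """First 64 bits form vRES, last 64 bits form hRES."""
    half = len(res) // 2
    return res[:half], res[half:]


def register(hss_key: bytes, ue_key: bytes, visited_forges: bool = False):
    """Simulate one registration; returns (visited_ok, home_ok)."""
    rand = os.urandom(16)                  # HSS picks a fresh RAND
    res = f_res(hss_key, rand)             # scheduled result RES (step C4)
    vres, hres = split_res(res)            # I-CSCF keeps hRES, sends vRES (step C5)

    if visited_forges:
        # Constructed failure case: the visited network reports a registration
        # without a real UE. It knows vRES but has to guess the hRES half.
        cres = vres + bytes(len(hres))
    else:
        cres = f_res(ue_key, rand)         # UE performs a single calculation

    c_first, c_last = split_res(cres)
    # Assumed checks: each network compares only the half it holds,
    # using a constant-time comparison.
    visited_ok = visited_forges or hmac.compare_digest(c_first, vres)
    home_ok = hmac.compare_digest(c_last, hres)
    return visited_ok, home_ok


if __name__ == "__main__":
    k = bytes(range(16))                   # constructed subscriber key
    print("genuine UE:      ", register(k, k))
    print("wrong key:       ", register(k, b"\xff" * 16))
    print("visited forgery: ", register(k, k, visited_forges=True))
```

Truncating RES to two 64-bit halves means each network's check rests on 64 bits rather than 128, which is the trade-off of this embodiment.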

Abstract

A network system is proposed comprising a first network control element in a visited network, a second network control element in a home network and a communication device (UE) associated to a subscriber, wherein the first network control element is adapted to perform a first authentication (A9) of a roaming subscriber requesting authentication, and the second network control element is adapted to perform a second authentication (A11) of the same subscriber. By this measure, both network control elements are able to verify that the authentication was performed correctly. Also a corresponding method is proposed.

Description

PRIORITY CLAIM

[0001]This is a national stage of PCT application No. PCT/EP00/11889, filed on Nov. 28, 2000. Priority is claimed on that application.

FIELD OF THE INVENTION

[0002]The present invention relates to a method and a network system for performing authentication of a subscriber.

BACKGROUND OF THE INVENTION

[0003]The present invention concerns authentication of a subscriber, particularly authentication of a subscriber who is roaming in a network other than his home network.

[0004]The general procedure for performing an authentication is described in the following in short. The authentication procedures are similar in GSM and UMTS. Thus, in the following the authentication procedure is described by referring to GSM as an example.

[0005]An authentication is usually required when a subscriber registers to the network services. Also an authentication may be required when a connection is established, i.e. when originating or terminating a call. The authentication is performed, for example, ...

Application Information

Patent Type & Authority: Patents (United States)
IPC(8): H04K1/00, G09C1/00, H04L9/32, H04L12/66, H04L29/06, H04W12/00, H04W12/06, H04W12/12
CPC: H04L63/0869, H04W12/10, H04L65/1073, H04W12/06, H04L65/1016, H04L63/12, H04W12/106
Inventors: FLYKT, PATRIK; NIEMI, VALTTERI; RAJANIEMI, JAAKKO; NIEMI, AKI
Owner: NOKIA SOLUTIONS & NETWORKS OY